USN-1903-1: Apache HTTP Server vulnerabilities

Ubuntu Security Notice USN-1903-1

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 13.04

Ubuntu 12.10

Ubuntu 12.04 LTS

Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the Apache HTTP Server.

Software description

apache2
- Apache HTTP server

Details

It was discovered that the mod_rewrite module incorrectly sanitized non-printable characters before writing data to log files. A remote attackercould possibly use this flaw to execute arbitrary commands by injectingescape sequences in the log file. (CVE-2013-1862)

It was discovered that the mod_dav module incorrectly handled certain MERGErequests. A remote attacker could use this issue to cause the server tostop responding, resulting in a denial of service. (CVE-2013-1896)

Update instructions

The problem can be corrected by updating your system to the following
package version: